Category | Details |
---|---|
Threat Actors | International cybercriminal group, potentially ransomware-as-a-service syndicate. |
Campaign Overview | Breach of Rhode Island’s RIBridges system in December 2024, targeting health and benefits data, followed by ransom demands. |
Target Regions | Rhode Island, USA. |
Methodology | Access through an online account; lateral movement to replication infrastructure; exfiltration of core data before encryption. |
Product Targeted | RIBridges (Rhode Island Benefits System), core replication servers. |
Malware Reference | Unnamed ransomware and malware detected in file folders during the attack. |
Tools Used | Ransomware, malware for data exfiltration and encryption, potentially RaaS infrastructure. |
Vulnerabilities Exploited | Likely weak credentials or misconfigured online accounts enabling lateral movement. |
TTPs | Credential compromise, lateral movement, data exfiltration, encryption for ransom. |
Attribution | Sophisticated criminal syndicate; possibly ransomware-as-a-service operators. |
Recommendations | 1. Freeze credit and enable multi-factor authentication. 2. Strengthen passwords. 3. Monitor for identity theft or fraud. |
Source | Hackread |
Read full article: https://hackread.com/hackers-leak-partial-cisco-data-4-5tb-exposed-records/
The above summary has been generated by an AI language model